GHSA-xc7j-wj36-qjfr

Опубликовано: 06 мар. 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid

Summary

If a client sends a BookEditPacket with InventorySlot greater than 35, the server will crash due to an unhandled exception thrown by BaseInventory->getItem().

Details

Crashes at https://github.com/pmmp/PocketMine-MP/blob/b744e09352a714d89220719ab6948a010ac636fc/src/network/mcpe/handler/InGamePacketHandler.php#L873

PoC

Using Gophertunnel, use serverConn.WritePacket(&packet.BookEdit{InventorySlot: 36})

Impact

Server crash, all servers

Patched versions

This issue was fixed by 47f011966092f275cc1b11f8de635e89fd9651a7, and the fix was released in 5.11.2.

Ссылки

https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-xc7j-wj36-qjfr
https://github.com/pmmp/PocketMine-MP/commit/47f011966092f275cc1b11f8de635e89fd9651a7
https://github.com/pmmp/PocketMine-MP/blob/b744e09352a714d89220719ab6948a010ac636fc/src/network/mcpe/handler/InGamePacketHandler.php#L873

Пакеты

Наименование

pocketmine/pocketmine-mp

composer

Затронутые версииВерсия исправления

< 5.11.2

5.11.2

7.5 High

CVSS3

7.5 High

CVSS3